Uber faces data breach following attack on third-party vendor Teqtivity

A threat actor named ‘UberLeaks’ has leaked employee email addresses and Windows Active Directory information for over 77,000 Uber employees, along with corporate reports and IT asset information, after breaching Teqtivity, a third-party vendor the company uses for asset management and tracking services.

Apart from the aforementioned data, the leak also included source code, IT asset management reports, data destruction reports, Windows domain login names and email addresses, and other corporate information. The leaked source code is associated with the mobile device management platforms used by Uber and Uber Eats as well as third-party vendors. 

According to a data breach notification published by Teqtivity, the attackers gained access to an AWS backup server that stored Teqtivity code and data files related to Teqtivity customers, including Uber. This meant that the attackers had access to both device and user information including:

  • First and last names
  • Work email addresses and locations
  • Serial number, make, model and technical specifications of the infected server

The company has hired a third-party forensics firm to investigate all logs and server configuration, while a separate third-party security team has been hired to run penetration tests on the infrastructure.

While ‘UberLeaks’ claims in their forum post that they breached an internal Uber domain, ‘uberinternal.com’, as well, BleepingComputer reports that Uber has yet to see any malicious activity on its internal systems.

The forum post for the leaked data also mentions the Lapsus$ group, which breached the company’s internal systems, including vulnerability reports, the Google Workspace email admin dashboard and the Slack server, where the attacker reportedly posted several messages.

However, Uber has confirmed that Lapsus$ isn’t related to this breach. The leaked data itself is also related to internal corporate affairs at Uber and doesn’t contain any customer information. That said, the leaked information can be used to conduct targeted phishing attacks on Uber employees.
